1. Information We Collect

1.1 Information You Provide Directly

When you use Milalo to create promises, we collect the following information that you voluntarily provide:

• Promise Content: The title, description, deadline date and time, and category of promises you create
• Privacy Preferences: Your choice to make a promise public or private
• Unique Identifiers: The 8-character Promise ID generated for each promise you create

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

• IP Address: Your Internet Protocol address, used for rate limiting and security purposes
• Browser Information: Browser type, version, and language preferences
• Device Information: Device type, operating system, and screen resolution
• Usage Data: Pages visited, time spent on pages, and interaction patterns
• Timestamps: Date and time of your visits and actions
• Referral Information: The website that referred you to Milalo

1.3 Information from Third Parties

We may receive information from third-party services integrated into our platform:

• Google reCAPTCHA: Risk assessment data to prevent automated spam
• Google AdSense: Aggregated advertising analytics (no personal identification)

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• Display your public promises on the Promise Wall
• Generate and manage unique Promise IDs for retrieval
• Calculate and display countdown timers and progress indicators
• Enable search functionality for finding specific promises
• Allow sharing of promises via unique URLs

2.2 Security and Fraud Prevention

• Prevent spam and automated abuse through rate limiting
• Detect and block malicious activities and bot attacks
• Filter inappropriate content using profanity detection
• Track suspicious activity patterns to protect all users
• Verify human users through CAPTCHA verification

2.3 Service Improvement

• Analyze usage patterns to improve user experience
• Identify and fix technical issues and bugs
• Develop new features based on user behavior
• Optimize website performance and loading times

2.4 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect our rights and the rights of our users

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: When you create a promise, you consent to our processing of that data for display and management purposes
• Legitimate Interests: We process data for security, fraud prevention, and service improvement based on our legitimate business interests
• Legal Obligations: We may process data to comply with applicable laws and regulations
• Contract Performance: Processing necessary to provide our services as described

4. Data Sharing and Disclosure

4.1 Public Information

By default, promises you create are displayed publicly on our Promise Wall. This includes:

• Promise title and description
• Deadline date and time
• Category selection
• Promise ID
• Creation timestamp

You may choose to make your promise private, in which case it will only be accessible via the direct Promise ID.

4.2 Service Providers

We share information with trusted third-party service providers who assist in operating our service:

• Railway: Cloud hosting and database services
• Google: reCAPTCHA verification and AdSense advertising
• GitHub: Code repository and deployment

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders and legal processes
• Government or regulatory requests
• Protection of our legal rights
• Emergency situations involving potential harm

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction.

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help websites remember your preferences and improve your browsing experience.

5.2 Cookies We Use

5.3 Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Cookies and Site Permissions

Note: Disabling cookies may affect website functionality.

6. Third-Party Services

We integrate the following third-party services, each with their own privacy policies:

6.1 Google reCAPTCHA

We use Google reCAPTCHA to protect against spam and abuse. This service may collect hardware and software information, such as device and application data, and send it to Google for analysis.

Google Privacy Policy

6.2 Google AdSense

We display advertisements through Google AdSense. Google may use cookies to serve ads based on your visits to our site and other sites on the Internet.

How Google Uses Information

You can opt out of personalized advertising by visiting Google Ads Settings.

6.3 Railway (Hosting)

Our website is hosted on Railway's cloud infrastructure. Server logs may include IP addresses and access times for security purposes.

6.4 Google Fonts

We use Google Fonts to display typography. Google may log font requests including your IP address.

7. Data Retention

7.1 Promise Data

• Active Promises: Retained until the deadline passes
• Expired Promises: Displayed for 7 days after expiration, then removed from public view
• Database Cleanup: Expired promises are permanently deleted 30 days after their deadline

7.2 Security Logs

• Rate Limiting Data: Cleared every 15 minutes
• Suspicious Activity Logs: Reset after 1 hour of clean activity
• Server Logs: Retained according to hosting provider policies

7.3 Requesting Data Deletion

To request deletion of your promise or associated data, please contact us with your Promise ID.

8. Data Security

We implement comprehensive security measures to protect your information:

8.1 Technical Safeguards

• HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Security Headers: Implementation of HTTP security headers via Helmet.js
• Input Validation: All user inputs are validated and sanitized server-side
• SQL Injection Prevention: Parameterized database queries prevent injection attacks
• XSS Protection: Content is escaped to prevent cross-site scripting

8.2 Operational Safeguards

• Rate Limiting: Prevents abuse and denial-of-service attacks
• Content Filtering: Profanity and spam detection systems
• Access Controls: Limited access to production systems
• Regular Updates: Security patches applied promptly

8.3 Incident Response

In the event of a data breach, we will:

• Investigate and contain the breach promptly
• Notify affected users when required by law
• Report to relevant authorities as required
• Take steps to prevent future incidents

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

9.1 Access and Portability

• Request a copy of your personal data we hold
• Receive your data in a structured, machine-readable format

9.2 Correction and Deletion

• Request correction of inaccurate data
• Request deletion of your personal data
• Note: Promises cannot be edited once created, but can be deleted

9.3 Restriction and Objection

• Object to processing based on legitimate interests
• Request restriction of processing in certain circumstances

9.4 Consent Withdrawal

• Withdraw consent for processing at any time
• Opt out of personalized advertising through Google settings

9.5 Exercising Your Rights

To exercise any of these rights, please contact us at dnlgby@gmail.com. We will respond to your request within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our hosting provider (Railway) and third-party services (Google) may store data in various locations globally.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Privacy Shield certification (where applicable)
• Adequacy decisions by data protection authorities

11. Children's Privacy

Milalo is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at dnlgby@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the "Last Updated" date at the top of this page
• For significant changes, we may provide additional notice on our website
• Your continued use of Milalo after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.